shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

small refactoring, add efm8 reset

Browse Source
This commit is contained in:
Conor Patrick 2018-07-15 12:24:32 -04:00
parent dad7d90481
commit a54cbd60a1
14 changed files with 104 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -71,3 +71,6 @@ mbedtls/
sl_crypto/ sl_crypto/
tools/python-fido2/* tools/python-fido2/*
*.pem *.pem
*.bin
*.key

2
efm32/.cproject
View File

@ -226,7 +226,7 @@
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/> <storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration> </cconfiguration>
</storageModule> </storageModule>
<storageModule moduleId="com.silabs.ss.framework.ide.project.core.cpp" project.generation="114" projectCommon.boardIds="brd2500a:0.0.0" projectCommon.buildArtifactType="EXE" projectCommon.importModeId="COPY" projectCommon.partId="mcu.arm.efm32.pg1.efm32pg1b200f256gm48" projectCommon.sdkId="com.silabs.sdk.stack.super:1.1.1._310456152"/> <storageModule moduleId="com.silabs.ss.framework.ide.project.core.cpp" project.generation="118" projectCommon.boardIds="brd2500a:0.0.0" projectCommon.buildArtifactType="EXE" projectCommon.importModeId="COPY" projectCommon.partId="mcu.arm.efm32.pg1.efm32pg1b200f256gm48" projectCommon.sdkId="com.silabs.sdk.stack.super:1.1.1._310456152"/>
<storageModule moduleId="cdtBuildSystem" version="4.0.0"> <storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="EFM32.com.silabs.ss.framework.ide.project.core.cdt.cdtMbsProjectType.1696568425" name="SLS CDT Project" projectType="com.silabs.ss.framework.ide.project.core.cdt.cdtMbsProjectType"/> <project id="EFM32.com.silabs.ss.framework.ide.project.core.cdt.cdtMbsProjectType.1696568425" name="SLS CDT Project" projectType="com.silabs.ss.framework.ide.project.core.cdt.cdtMbsProjectType"/>
</storageModule> </storageModule>

5
efm32/EFM32.hwconf
View File

@ -25,6 +25,11 @@
<property object="PA5" propertyId="ports.settings.pinmode" value="Push-pull"/> <property object="PA5" propertyId="ports.settings.pinmode" value="Push-pull"/>
<property object="PA5" propertyId="ports.settings.pulldirection" value="Pullup"/> <property object="PA5" propertyId="ports.settings.pulldirection" value="Pullup"/>
<property object="PA5" propertyId="ports.settings.pullup" value="Enabled"/> <property object="PA5" propertyId="ports.settings.pullup" value="Enabled"/>
<property object="PB13" propertyId="ports.settings.dout" value="1"/>
<property object="PB13" propertyId="ports.settings.filter" value="Enabled"/>
<property object="PB13" propertyId="ports.settings.pinmode" value="Push-pull"/>
<property object="PB13" propertyId="ports.settings.pulldirection" value="Pullup"/>
<property object="PB13" propertyId="ports.settings.pullup" value="Enabled"/>
<property object="PC10" propertyId="ports.settings.dout" value="1"/> <property object="PC10" propertyId="ports.settings.dout" value="1"/>
<property object="PC10" propertyId="ports.settings.filter" value="Enabled"/> <property object="PC10" propertyId="ports.settings.filter" value="Enabled"/>
<property object="PC10" propertyId="ports.settings.pinmode" value="Push-pull"/> <property object="PC10" propertyId="ports.settings.pinmode" value="Push-pull"/>

6
efm32/inc/app.h
View File

@ -8,7 +8,7 @@
#ifndef SRC_APP_H_ #ifndef SRC_APP_H_
#define SRC_APP_H_ #define SRC_APP_H_
#define DEBUG_LEVEL 1
#define PRINTING_USE_VCOM #define PRINTING_USE_VCOM
@ -16,6 +16,10 @@
#define BRIDGE_TO_WALLET #define BRIDGE_TO_WALLET
//#define DISABLE_CTAPHID_PING
//#define DISABLE_CTAPHID_WINK
#define DISABLE_CTAPHID_CBOR
void printing_init(); void printing_init();

3
efm32/src/InitDevice.c
View File

@ -615,6 +615,9 @@ extern void PORTIO_enter_DefaultMode_from_RESET(void) {
// [Port A Configuration]$ // [Port A Configuration]$
// $[Port B Configuration] // $[Port B Configuration]
/* Pin PB13 is configured to Push-pull */
GPIO_PinModeSet(gpioPortB, 13, gpioModePushPull, 1);
// [Port B Configuration]$ // [Port B Configuration]$
// $[Port C Configuration] // $[Port C Configuration]

12
efm32/src/crypto.c
View File

@ -91,7 +91,7 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
if(klen > 64) if(klen > 64)
{ {
printf("Error, key size must be <= 64\n"); printf2(TAG_ERR,"Error, key size must be <= 64\n");
exit(1); exit(1);
} }
@ -121,7 +121,7 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
if(klen > 64) if(klen > 64)
{ {
printf("Error, key size must be <= 64\n"); printf2(TAG_ERR,"Error, key size must be <= 64\n");
exit(1); exit(1);
} }
memmove(buf, key, klen); memmove(buf, key, klen);
@ -274,7 +274,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig)
if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0) if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0)
{ {
printf("error, uECC failed\n"); printf2(TAG_ERR,"error, uECC failed\n");
exit(1); exit(1);
} }
@ -305,7 +305,7 @@ void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_I
if (_key_len != 32) goto fail; if (_key_len != 32) goto fail;
break; break;
default: default:
printf("error, invalid ECDSA alg specifier\n"); printf2(TAG_ERR,"error, invalid ECDSA alg specifier\n");
exit(1); exit(1);
} }
@ -568,7 +568,7 @@ void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey)
{ {
if (uECC_make_key(pubkey, privkey, _es256_curve) != 1) if (uECC_make_key(pubkey, privkey, _es256_curve) != 1)
{ {
printf("Error, uECC_make_key failed\n"); printf2(TAG_ERR,"Error, uECC_make_key failed\n");
exit(1); exit(1);
} }
} }
@ -577,7 +577,7 @@ void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey
{ {
if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1) if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1)
{ {
printf("Error, uECC_shared_secret failed\n"); printf2(TAG_ERR,"Error, uECC_shared_secret failed\n");
exit(1); exit(1);
} }

59
efm32/src/device.c
View File

@ -21,10 +21,13 @@
#include "ctaphid.h" #include "ctaphid.h"
#include "util.h" #include "util.h"
#include "app.h" #include "app.h"
#include "uECC.h"
#include "crypto.h"
#define MSG_AVAIL_PIN gpioPortC,9 #define MSG_AVAIL_PIN gpioPortC,9
#define RDY_PIN gpioPortC,10 #define RDY_PIN gpioPortC,10
#define RW_PIN gpioPortD,11 #define RW_PIN gpioPortD,11
#define RESET_PIN gpioPortB,13
#define PAGE_SIZE 2048 #define PAGE_SIZE 2048
#define PAGES 128 #define PAGES 128
@ -302,14 +305,22 @@ int authenticator_is_backup_initialized()
} }
uint8_t adc_rng(void); uint8_t adc_rng(void);
void reset_efm8()
{
// Reset EFM8
GPIO_PinOutClear(RESET_PIN);
delay(2);
GPIO_PinOutSet(RESET_PIN);
}
void bootloader_init(void) void bootloader_init(void)
{ {
/* Chip errata */ /* Chip errata */
// Reset EFM8
GPIO_PinModeSet(RESET_PIN, gpioModePushPull, 1);
// status LEDS // status LEDS
GPIO_PinModeSet(gpioPortF, GPIO_PinModeSet(gpioPortF,
@ -341,8 +352,6 @@ void bootloader_init(void)
MSC_Init(); MSC_Init();
} }
@ -374,6 +383,9 @@ void device_init(void)
// SPI R/w Indicator // SPI R/w Indicator
GPIO_PinModeSet(RW_PIN, gpioModePushPull, 1); GPIO_PinModeSet(RW_PIN, gpioModePushPull, 1);
// Reset EFM8
GPIO_PinModeSet(RESET_PIN, gpioModePushPull, 1);
// USB message rdy ext int // USB message rdy ext int
// GPIO_ExtIntConfig(gpioPortC, 9, 9, 1, 0,1); // GPIO_ExtIntConfig(gpioPortC, 9, 9, 1, 0,1);
// NVIC_EnableIRQ(GPIO_ODD_IRQn); // NVIC_EnableIRQ(GPIO_ODD_IRQn);
@ -396,16 +408,17 @@ void device_init(void)
uint8_t buf[64]; uint8_t buf[64];
cbor_encoder_init(&test, buf, 20, 0); cbor_encoder_init(&test, buf, 20, 0);
printf("Device init\r\n"); reset_efm8();
printf1(TAG_GEN,"Device init\r\n");
int i=0; int i=0;
for (i = 0; i < sizeof(buf); i++) for (i = 0; i < sizeof(buf); i++)
{ {
buf[i] = adc_rng(); buf[i] = adc_rng();
} }
dump_hex(buf,sizeof(buf));
} }
#ifdef IS_BOOTLOADER
typedef enum typedef enum
{ {
BootWrite = 0x40, BootWrite = 0x40,
@ -451,6 +464,10 @@ int bootloader_bridge(uint8_t klen, uint8_t * keyh)
static int has_erased = 0; static int has_erased = 0;
BootloaderReq * req = (BootloaderReq * )keyh; BootloaderReq * req = (BootloaderReq * )keyh;
uint8_t payload[256]; uint8_t payload[256];
uint8_t hash[32];
uint8_t * pubkey = (uint8_t*)"\x57\xe6\x80\x39\x56\x46\x2f\x0c\x95\xac\x72\x71\xf0\xbc\xe8\x2d\x67\xd0\x59\x29\x2e\x15\x22\x89\x6a\xbd\x3f\x7f\x27\xf3\xc0\xc6\xe2\xd7\x7d\x8a\x9f\xcc\x53\xc5\x91\xb2\x0c\x9c\x3b\x4e\xa4\x87\x31\x67\xb4\xa9\x4b\x0e\x8d\x06\x67\xd8\xc5\xef\x2c\x50\x4a\x55";
const struct uECC_Curve_t * curve = NULL;
/*printf("bootloader_bridge\n");*/ /*printf("bootloader_bridge\n");*/
if (req->len > 255-9) if (req->len > 255-9)
{ {
@ -471,17 +488,39 @@ int bootloader_bridge(uint8_t klen, uint8_t * keyh)
{ {
return CTAP2_ERR_NOT_ALLOWED; return CTAP2_ERR_NOT_ALLOWED;
} }
if (!has_erased) if (!has_erased)
{ {
erase_application(); erase_application();
has_erased = 1; has_erased = 1;
} }
if (is_authorized_to_boot())
{
printf2(TAG_ERR, "Error, boot check bypassed\n");
exit(1);
}
MSC_WriteWordFast(ptr,payload, req->len + (req->len%4)); MSC_WriteWordFast(ptr,payload, req->len + (req->len%4));
break; break;
case BootDone: case BootDone:
/*printf("BootDone\n");*/ // printf("BootDone\n");
ptr = APPLICATION_START_ADDR;
crypto_sha256_init();
crypto_sha256_update(ptr, APPLICATION_END_ADDR-APPLICATION_START_ADDR);
crypto_sha256_final(hash);
// printf("hash: "); dump_hex(hash, 32);
// printf("sig: "); dump_hex(payload, 64);
curve = uECC_secp256r1();
if (! uECC_verify(pubkey,
hash,
32,
payload,
curve))
{
return CTAP2_ERR_OPERATION_DENIED;
}
authorize_application(); authorize_application();
NVIC_SystemReset(); REBOOT_FLAG = 1;
break; break;
case BootCheck: case BootCheck:
/*printf("BootCheck\n");*/ /*printf("BootCheck\n");*/
@ -504,4 +543,4 @@ int is_authorized_to_boot()
return *auth == 0; return *auth == 0;
} }
#endif

4
efm32boot/inc/app.h
View File

@ -10,6 +10,8 @@
#define IS_BOOTLOADER #define IS_BOOTLOADER
#define DEBUG_LEVEL 0
#define PRINTING_USE_VCOM #define PRINTING_USE_VCOM
#define USING_DEV_BOARD #define USING_DEV_BOARD
@ -20,7 +22,7 @@
#define PUSH_BUTTON gpioPortF,6 #define PUSH_BUTTON gpioPortF,6
#define DISABLE_CTAPHID_PING //#define DISABLE_CTAPHID_PING
#define DISABLE_CTAPHID_WINK #define DISABLE_CTAPHID_WINK
#define DISABLE_CTAPHID_CBOR #define DISABLE_CTAPHID_CBOR

17
efm32boot/src/crypto.c
View File

@ -19,6 +19,7 @@
#include "ctap.h" #include "ctap.h"
#include "device.h" #include "device.h"
#include "app.h" #include "app.h"
#include "log.h"
#if defined(USING_PC) || defined(IS_BOOTLOADER) #if defined(USING_PC) || defined(IS_BOOTLOADER)
typedef enum typedef enum
@ -101,7 +102,7 @@ void crypto_sha256_hmac_init(uint8_t * key, uint32_t klen, uint8_t * hmac)
if(klen > 64) if(klen > 64)
{ {
printf("Error, key size must be <= 64\n"); printf2(TAG_ERR,"Error, key size must be <= 64\n");
exit(1); exit(1);
} }
@ -131,7 +132,7 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
if(klen > 64) if(klen > 64)
{ {
printf("Error, key size must be <= 64\n"); printf2(TAG_ERR,"Error, key size must be <= 64\n");
exit(1); exit(1);
} }
memmove(buf, key, klen); memmove(buf, key, klen);
@ -165,7 +166,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig)
{ {
if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0) if ( uECC_sign(_signing_key, data, len, sig, _es256_curve) == 0)
{ {
printf("error, uECC failed\n"); printf2(TAG_ERR,"error, uECC failed\n");
exit(1); exit(1);
} }
} }
@ -190,19 +191,19 @@ void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_I
if (_key_len != 32) goto fail; if (_key_len != 32) goto fail;
break; break;
default: default:
printf("error, invalid ECDSA alg specifier\n"); printf2(TAG_ERR,"error, invalid ECDSA alg specifier\n");
exit(1); exit(1);
} }
if ( uECC_sign(_signing_key, data, len, sig, curve) == 0) if ( uECC_sign(_signing_key, data, len, sig, curve) == 0)
{ {
printf("error, uECC failed\n"); printf2(TAG_ERR,"error, uECC failed\n");
exit(1); exit(1);
} }
return; return;
fail: fail:
printf("error, invalid key length\n"); printf2(TAG_ERR,"error, invalid key length\n");
exit(1); exit(1);
} }
@ -242,7 +243,7 @@ void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey)
{ {
if (uECC_make_key(pubkey, privkey, _es256_curve) != 1) if (uECC_make_key(pubkey, privkey, _es256_curve) != 1)
{ {
printf("Error, uECC_make_key failed\n"); printf2(TAG_ERR,"Error, uECC_make_key failed\n");
exit(1); exit(1);
} }
} }
@ -251,7 +252,7 @@ void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey
{ {
if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1) if (uECC_shared_secret(pubkey, privkey, shared_secret, _es256_curve) != 1)
{ {
printf("Error, uECC_shared_secret failed\n"); printf2(TAG_ERR,"Error, uECC_shared_secret failed\n");
exit(1); exit(1);
} }

9
efm32boot/src/main.c
View File

@ -51,7 +51,7 @@ int main(void)
TAG_ERR TAG_ERR
); );
printf("Bootloader init\r\n"); printf1(TAG_GEN,"Bootloader init\r\n");
if (GPIO_PinInGet(PUSH_BUTTON) == 0) if (GPIO_PinInGet(PUSH_BUTTON) == 0)
{ {
@ -60,8 +60,9 @@ int main(void)
; ;
if (GPIO_PinInGet(PUSH_BUTTON) == 0) { if (GPIO_PinInGet(PUSH_BUTTON) == 0) {
bootmode: bootmode:
printf("Reflash condition detected\n"); printf1(TAG_GEN,"Reflash condition detected\n");
ctaphid_init(); ctaphid_init();
reset_efm8();
/* Infinite loop */ /* Infinite loop */
int count = 0; int count = 0;
while (1) { while (1) {
@ -97,13 +98,13 @@ bootmode:
} }
} }
printf("Normal boot\n"); printf1(TAG_GEN,"Normal boot\n");
if (is_authorized_to_boot()) if (is_authorized_to_boot())
{ {
BOOT_boot(); BOOT_boot();
} else { } else {
printf("Warning: not authorized to boot\n"); printf1(TAG_GEN,"Warning: not authorized to boot\n");
goto bootmode; goto bootmode;
} }

2
fido2/ctap.c
View File

@ -890,7 +890,7 @@ uint8_t ctap_update_pin_if_verified(uint8_t * pinEnc, int len, uint8_t * platfor
crypto_aes256_decrypt(pinEnc, len); crypto_aes256_decrypt(pinEnc, len);
printf("new pin: %s\n", pinEnc); printf1(TAG_CP,"new pin: %s\n", pinEnc);
ret = strnlen((const char *)pinEnc, NEW_PIN_ENC_MAX_SIZE); ret = strnlen((const char *)pinEnc, NEW_PIN_ENC_MAX_SIZE);
if (ret == NEW_PIN_ENC_MAX_SIZE) if (ret == NEW_PIN_ENC_MAX_SIZE)

8
fido2/log.h
View File

@ -1,7 +1,12 @@
#ifndef _LOG_H #ifndef _LOG_H
#define _LOG_H #define _LOG_H
#define DEBUG_LEVEL 1 #include "app.h"
#ifndef DEBUG_LEVEL
#define DEBUG_LEVEL 0
#endif
#define ENABLE_FILE_LOGGING #define ENABLE_FILE_LOGGING
void LOG(uint32_t tag, const char * filename, int num, const char * fmt, ...); void LOG(uint32_t tag, const char * filename, int num, const char * fmt, ...);
@ -44,6 +49,7 @@ typedef enum
#define printf1(fmt, ...) #define printf1(fmt, ...)
#define printf2(fmt, ...) #define printf2(fmt, ...)
#define printf3(fmt, ...) #define printf3(fmt, ...)
#define dump_hex1(tag,data,len)
#endif #endif

8
fido2/wallet.c
View File

@ -390,8 +390,8 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
{ {
if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen)) if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen))
{ {
printf1(TAG_WALLET,"pinAuth is NOT valid\n"); printf2(TAG_ERR,"pinAuth is NOT valid\n");
dump_hex(msg_buf,reqlen); dump_hex1(TAG_ERR,msg_buf,reqlen);
ret = CTAP2_ERR_PIN_AUTH_INVALID; ret = CTAP2_ERR_PIN_AUTH_INVALID;
goto cleanup; goto cleanup;
} }
@ -427,8 +427,8 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
{ {
if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen)) if ( ! check_pinhash(req->pinAuth, msg_buf, reqlen))
{ {
printf1(TAG_WALLET,"pinAuth is NOT valid\n"); printf2(TAG_ERR,"pinAuth is NOT valid\n");
dump_hex(msg_buf,reqlen); dump_hex1(TAG_ERR,msg_buf,reqlen);
ret = CTAP2_ERR_PIN_AUTH_INVALID; ret = CTAP2_ERR_PIN_AUTH_INVALID;
goto cleanup; goto cleanup;
} }

5
web/js/wallet.js
View File

@ -1367,6 +1367,7 @@ async function run_tests() {
p = await dev.bootloader_finish(sig); p = await dev.bootloader_finish(sig);
TEST(p.status == 'CTAP1_SUCCESS', 'Device booted new image with correct signature'); TEST(p.status == 'CTAP1_SUCCESS', 'Device booted new image with correct signature');
document.getElementById('progress').textContent = ''+100+' %';
} }
//while(1) //while(1)
@ -1377,9 +1378,9 @@ async function run_tests() {
//await test_rng(); //await test_rng();
//} //}
//await benchmark(); //await benchmark();
//await test_persistence(); await test_persistence();
await test_bootloader(); //await test_bootloader();
} }